yadunut/clan-core
1
0
Fork 0
Code Issues Projects Releases Wiki Activity
4,410 Commits 119 Branches 6 Tags
1ac8f6914d483f7711d371f39fe045768826047c
Commit Graph

4410 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
Louis Opter
69b9f1ae23 fix: clan secrets user get dump the user identity correctly 2024-10-04 15:36:30 +00:00
Louis Opter
cf492b15aa Fix key dump in clan secrets key show 
```
In [4]: str(Type.AGE)
Out[4]: Type.AGE

In [5]: Type.AGE.name.lower()
Out[5]: age
```
 2024-10-04 15:36:30 +00:00
Jörg Thalheim
5d87bc2435 secrets/show: pretty print json 2024-10-04 15:36:30 +00:00
Jörg Thalheim
105e6bd86a secrets: replace Key, key type tuple with SopsKey class 2024-10-04 15:36:30 +00:00
Jörg Thalheim
160fe82576 fix serialisation of SopsKey type 2024-10-04 15:36:30 +00:00
Jörg Thalheim
9c25b4d61c error if we cannot load a dataclass from file 2024-10-04 15:36:30 +00:00
Jörg Thalheim
ca4ff0611c default key type to age and rename to age-key/pgp-key 2024-10-04 15:36:30 +00:00
Jörg Thalheim
4cd4334b1c secrets: do not shadow python builtins 2024-10-04 15:36:30 +00:00
Louis Opter
d18c0fa3ae Fix: do not assume users use age keys in vars/sops 
With added support for PGP for users keys, do not assume an age key is
going to be present in secrets files.
 2024-10-04 15:36:30 +00:00
Louis Opter
b2e796145a Fix: use new sops api in clan secrets machines 2024-10-04 15:36:30 +00:00
Louis Opter
7a673ea95f Draft: clan-cli: secrets: Add support for PGP keys with sops-nix 
To use a PGP key instead of an age key you can set `SOPS_PGP_FP`. (You
can use `gpg -k --fingerprint --fingerprint` to get your PGP encryption
key fingerprint, remove spaces from it).

The internal manifest file already supported a type field, and so I built
from there.

With those changes, I was able to add my PGP key, and update all my
secrets with it, instead of the age key originally generated:

```
% clan secrets key show | jq
{
  "key": "ADB6276965590A096004F6D1E114CBAE8FA29165",
  "type": "pgp"
}
% clan secrets key update
% for s in $(clan secrets list) ; do clan secrets users add-secret kal-pgp-from-2022-12-to-2024-12 "$s"; done
% for s in $(clan secrets list) ; do clan secrets users remove-secret --debug kal "$s" ; done
```
 2024-10-04 15:36:30 +00:00
clan-bot
dd17fbdc6d Merge pull request 'vars/keygen: fix + cleanup tests' (#2201) from DavHau/clan-core:DavHau-vars-migration into main 2024-10-04 15:32:31 +00:00
DavHau
11c37ebeba vars/keygen: fix + cleanup tests 
- generate keys in ./sops instead of ./sops/vars for now
- don't initialize all flakes with sops keys, only generate when needed
- use the new 'clan vars keygen' in tests
 2024-10-04 17:25:17 +02:00
clan-bot
73daa2ecc1 Merge pull request 'vars: add 'clan vars keygen'' (#2200) from DavHau/clan-core:DavHau-vars-migration into main 2024-10-04 14:21:10 +00:00
DavHau
2a9ced1e26 vars: add 'clan vars keygen' 2024-10-04 16:13:49 +02:00
clan-bot
023ee42152 Merge pull request 'vars: refactor - copy logic to sops secret module' (#2199) from DavHau/clan-core:DavHau-vars-migration into main 2024-10-04 12:40:55 +00:00
clan-bot
12ac73ba4f Merge pull request 'Interfaces: unclutter meta interface, file conflict position tracking' (#2198) from hsjobeki/clan-core:hsjobeki-roles-interface into main 2024-10-04 12:38:53 +00:00
DavHau
ae53ea7399 vars: refactor - copy logic to sops secret module 
This is in preparation for moving the storage away from ./sops to ./vars/sops
 2024-10-04 14:31:22 +02:00
Johannes Kirschbauer
f169b1bcd1 Meta.name: not nullable, since deduped 2024-10-04 14:30:50 +02:00
Johannes Kirschbauer
68a571f858 Interfaces: unclutter meta interface, file conflict position tracking 2024-10-04 13:48:11 +02:00
Luis Hebendanz
92107e88d2 Merge pull request 'clanModules: Fix disk-id and machine-id' (#2196) from Qubasa/clan-core:Qubasa-main into main 
Reviewed-on: https://git.clan.lol/clan/clan-core/pulls/2196
 2024-10-03 13:43:06 +00:00
Qubasa
7ac1e4e99a clanModules: Fix disk-id and machine-id 2024-10-03 15:42:56 +02:00
Luis Hebendanz
2315050244 Merge pull request 'clanModules: Fix disk-id and machine-id' (#2195) from Qubasa/clan-core:Qubasa-main into main 
Reviewed-on: https://git.clan.lol/clan/clan-core/pulls/2195
 2024-10-03 13:40:37 +00:00
Qubasa
219636e67f clanModules: Fix disk-id and machine-id 2024-10-03 15:40:14 +02:00
clan-bot
17dfeb38bf Merge pull request 'sops: refactor some function names for clarity' (#2171) from DavHau/clan-core:DavHau-vars-migration into main 2024-10-02 12:03:37 +00:00
DavHau
4a0207f0b3 sops: refactor some function names for clarity 2024-10-02 13:56:43 +02:00
hsjobeki
3e0d1d21f5 Merge pull request 'Inventory: improve role imports' (#2189) from hsjobeki/clan-core:hsjobeki-main into main 
Reviewed-on: https://git.clan.lol/clan/clan-core/pulls/2189
 2024-10-02 09:08:36 +00:00
Johannes Kirschbauer
db2882dba5 Inventory/interface: optional instances, allow to use modules without inventory 2024-10-02 11:01:06 +02:00
Johannes Kirschbauer
f0eed06cd5 Inventory/tests: don't expect the default.nix to be imported anymore 2024-10-02 10:49:06 +02:00
Johannes Kirschbauer
c318529df6 Fix: Admin module relative dependency 2024-10-02 10:36:48 +02:00
Johannes Kirschbauer
f417a5bc0d Inventory/borgbackup: fixup structure 2024-10-02 10:01:45 +02:00
Johannes Kirschbauer
978c3c21d4 Inventory/modules: use explicit roles only 2024-10-02 10:01:44 +02:00
Johannes Kirschbauer
7eaa2abe95 Inventory/test: add borgbackup to inventory test machine 2024-10-02 10:01:44 +02:00
Johannes Kirschbauer
536ae8701d Inventory/docs: display explizit roles only 2024-10-02 10:01:44 +02:00
Johannes Kirschbauer
40f0e98b26 Inventory: improve role imports 2024-10-02 10:01:44 +02:00
clan-bot
a64da9e101 Merge pull request 'Fix leaks in vm tests' (#2192) from fix-warning into main 2024-10-02 06:42:45 +00:00
Jörg Thalheim
ca8f36201b test superflous test_vm_qmp 
we already have other tests covering this and VMs + NixOS are slow
 2024-10-01 20:57:07 +02:00
Jörg Thalheim
27b1aeb827 add temp_dir fixture 2024-10-01 20:54:19 +02:00
Jörg Thalheim
4826582547 add more custom prefixes for temporary directories 2024-10-01 20:54:19 +02:00
Jörg Thalheim
196f78d2da abort tests on python warning 2024-10-01 20:54:19 +02:00
Jörg Thalheim
8b205c78bf fix resource leaks in qmp tests 2024-10-01 20:54:19 +02:00
clan-bot
2f38955066 Merge pull request 'fix resource leaks' (#2191) from fix-warning into main 2024-10-01 18:03:58 +00:00
Jörg Thalheim
4207aef029 don't leak memory in global table unless we want to record performance 2024-10-01 19:32:00 +02:00
Jörg Thalheim
13aed0792e fix file descriptor leak in cmd.run() 
we were leaking pipes.
 2024-10-01 19:27:47 +02:00
clan-bot
a57f409224 Merge pull request 'generate: don't set type=bool in argparse.BooleanOptionalAction' (#2190) from fix-warning into main 2024-10-01 17:04:49 +00:00
Jörg Thalheim
f9a42831e4 start to name temporary directories in more places 2024-10-01 18:57:59 +02:00
Jörg Thalheim
a5e18fda08 generate: don't set type=bool in argparse.BooleanOptionalAction 2024-10-01 18:48:54 +02:00
clan-bot
0f0f056ecc Merge pull request 'docs: improve flake-parts reference' (#2187) from hsjobeki/clan-core:hsjobeki-roles-interface into main 2024-10-01 09:28:13 +00:00
Johannes Kirschbauer
47b9a1cb7f docs: improve flake-parts reference 2024-10-01 11:21:30 +02:00
clan-bot
5511fefdca Merge pull request 'Automatic flake update - treefmt-nix - 2024-09-30T00:00+00:00' (#2185) from flake-update-treefmt-nix-2024-09-30 into main 2024-09-30 00:43:42 +00:00